3 理解docker镜像
build,ship and run是基于镜像系统的.
打包环境,解决依赖;分层镜像,解决存储利用.
3.1 docker概念介绍
remote-image-hub/namespace/repository:tag
layer分层,每一层都由64们十六进制组成;最上层的layer ID是镜像ID,tag提供了易于人识别的名字.
/var/lib/docker
3.2 使用镜像
RESTful API或客户端command执行制作,上传,管理,下载.
3.2.1列出本机镜像
[root@220 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
docker.io/centos latest 0e0217391d41 2 weeks ago 196.6 MB
docker.io/busybox latest fef924a0204a 2 weeks ago 1.114 MB
[root@220 ~]# docker images --help
Usage: docker images [OPTIONS] [REPOSITORY]
List images
-a, --all=false Show all images (default hides intermediate images)
--digests=false Show digests
-f, --filter=[] Filter output based on conditions provided
--help=false Print usage
--no-trunc=false Don't truncate output
-q, --quiet=false Only show numeric IDs
[root@220 ~]# docker images --filter 'dangling=true' 过滤悬挂镜像(悬挂镜像对我们没有用,且占用资源)
[root@220 ~]# docker images --filter "dangling=true" -q |xargs docker images rmi 删除悬挂镜像
dockviz工具分析images之前分层关系
3.2.2 Build: 创建一个镜像
1.直接下载 [root@220 ~]# docker pull centos
2.导入镜像
docker import(导入包含文件系统的归档,并把它变成镜像)
docker load(导入docker save导出的镜像,导入后跟原来的ID分层全部一样)
[root@220 ~]# docker save -o busybox.tar busybox
[root@220 ~]# ls -l busybox.tar
-rw-r--r-- 1 root root 1323008 Mar 4 11:56 busybox.tar
[root@220 ~]# docker load -i busybox.tar
[root@220 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
docker.io/centos latest 0e0217391d41 2 weeks ago 196.6 MB
docker.io/busybox latest fef924a0204a 2 weeks ago 1.114 MB
3.制作镜像
docker export(导出)
docker commit(增量)
docker build(dockerfile)
3.2.3 ship: 传输镜像
是连接开发与运维的桥梁.
可制作镜像然后导入.
使用仓库,利用github的webhook功能自动触发
3.2.4 run:以images为模板启动容器
docker run
docker生命周期:build,ship and run
3.3 docker image 组织结构
image
数据(image layer)
元数据(json)
[root@220 ~]# docker daemon -D -s overlay -g /var/lib/docker
[root@220 ~]# ll /var/lib/docker/
total 24
drwx------ 2 root root 6 Feb 29 17:53 containers
drwx------ 5 root root 50 Feb 29 17:56 devicemapper
drwx------ 9 root root 4096 Mar 4 10:41 graph
-rw-r--r-- 1 root root 5120 Feb 29 20:33 linkgraph.db
drwxr-xr-x 8 root root 4096 Mar 4 10:41 overlay
-rw------- 1 root root 235 Feb 29 17:57 repositories-devicemapper
-rw------- 1 root root 235 Mar 4 11:57 repositories-overlay
drwx------ 2 root root 6 Mar 4 11:57 tmp
drwx------ 2 root root 26 Feb 29 17:56 trust
drwx------ 2 root root 6 Feb 29 17:53 volumes
3.3 Docker image的组织结构
3.3.1数据的内容
docker image 包含着数据及必要的元数据。数据由一层层的image layer组成,元数据则是一些JSON文件,用来数据(image layer)之间的关系及容器的一些配置信息。
[root@220 ~]# nohup docker daemon -D -s overlay -g /var/lib/docker &
[root@220 ~]# docker pull busybox
Using default tag: latest
Trying to pull repository docker.io/library/busybox ... latest: Pulling from library/busybox
9a163e0b8d13: Pull complete
fef924a0204a: Pull complete
library/busybox:latest: The image you are pulling has been verified. Important: image verification is a tech preview feature and should not be relied on to provide security.
Digest: sha256:97473e34e311e6c1b3f61f2a721d038d1e5eef17d98d1353a513007cf46ca6bd
Status: Downloaded newer image for docker.io/busybox:latest
这时有三层layer
[root@220 docker]# docker history busybox
IMAGE CREATED CREATED BY SIZE COMMENT
fef924a0204a 12 days ago /bin/sh -c #(nop) CMD ["sh"] 0 B
9a163e0b8d13 12 days ago /bin/sh -c #(nop) ADD file:7cdf7a89f6a004b2e9 1.114 MB
[root@220 ~]# cd /var/lib/docker/
[root@220 docker]# ls
containers(容器运行相关信息) devicemapper graph(各层的元数据) linkgraph.db overlay(各层数据) repositories-devicemapper repositories-overlay(总体信息) tmp trust(验证相关信息) volumes(数据卷相关信息)
[root@220 docker]# cat repositories-overlay |python -m json.tool 所有image及对应layerID
{
"ConfirmDefPush": true,
"Repositories": {
"docker.io/busybox": {
"latest": "fef924a0204a00b3ec67318e2ed337b189c99ea19e2bf10ed30a13b87c5e17ab"
}
}
}
数据和元数据
根据repositories-overlay中的id找到数据及元数据
[root@220 fef924a0204a00b3ec67318e2ed337b189c99ea19e2bf10ed30a13b87c5e17ab]# pwd
/var/lib/docker/graph/fef924a0204a00b3ec67318e2ed337b189c99ea19e2bf10ed30a13b87c5e17ab
[root@220 fef924a0204a00b3ec67318e2ed337b189c99ea19e2bf10ed30a13b87c5e17ab]# ls
checksum json layersize tar-data.json.gz
[root@220 fef924a0204a00b3ec67318e2ed337b189c99ea19e2bf10ed30a13b87c5e17ab]# cat json |python -m json.tool
{
"Size": 0,
"architecture": "amd64",
"config": {
"AttachStderr": false,
"AttachStdin": false,
"AttachStdout": false,
"Cmd": [
"sh"
],
"Domainname": "",
"Entrypoint": null,
"Env": null,
"ExposedPorts": null,
"Hostname": "13709f13afe1",
"Image": "9a163e0b8d138ec700b5a5f7e62509012f7eb34b9f86cd3bbeb3d183958114a9",
"Labels": {},
"MacAddress": "",
"NetworkDisabled": false,
"OnBuild": null,
"OpenStdin": false,
"PublishService": "",
"StdinOnce": false,
"Tty": false,
"User": "",
"VolumeDriver": "",
"Volumes": null,
"WorkingDir": ""
},
"container": "d23509cd0189de02bef382544ebfab515f29094f3c0e2f161fa7ce09afa8974e",
"container_config": {
"AttachStderr": false,
"AttachStdin": false,
"AttachStdout": false,
"Cmd": [
"/bin/sh",
"-c",
"#(nop) CMD [\"sh\"]"
],
"Domainname": "",
"Entrypoint": null,
"Env": null,
"ExposedPorts": null,
"Hostname": "13709f13afe1",
"Image": "9a163e0b8d138ec700b5a5f7e62509012f7eb34b9f86cd3bbeb3d183958114a9",
"Labels": {},
"MacAddress": "",
"NetworkDisabled": false,
"OnBuild": null,
"OpenStdin": false,
"PublishService": "",
"StdinOnce": false,
"Tty": false,
"User": "",
"VolumeDriver": "",
"Volumes": null,
"WorkingDir": ""
},
"created": "2016-02-16T22:59:37.407805421Z",
"docker_version": "1.9.1",
"id": "fef924a0204a00b3ec67318e2ed337b189c99ea19e2bf10ed30a13b87c5e17ab",
"os": "linux",
"parent": "9a163e0b8d138ec700b5a5f7e62509012f7eb34b9f86cd3bbeb3d183958114a9"
}
[root@220 ~]# docker inspect busybox
[
{
"Id": "fef924a0204a00b3ec67318e2ed337b189c99ea19e2bf10ed30a13b87c5e17ab",
"Parent": "9a163e0b8d138ec700b5a5f7e62509012f7eb34b9f86cd3bbeb3d183958114a9",
"Comment": "",
"Created": "2016-02-16T22:59:37.407805421Z",
"Container": "d23509cd0189de02bef382544ebfab515f29094f3c0e2f161fa7ce09afa8974e",
"ContainerConfig": {
"Hostname": "13709f13afe1",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": null,
"PublishService": "",
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": null,
"Cmd": [
"/bin/sh",
"-c",
"#(nop) CMD [\"sh\"]"
],
"Image": "9a163e0b8d138ec700b5a5f7e62509012f7eb34b9f86cd3bbeb3d183958114a9",
"Volumes": null,
"VolumeDriver": "",
"WorkingDir": "",
"Entrypoint": null,
"NetworkDisabled": false,
"MacAddress": "",
"OnBuild": null,
"Labels": {}
},
"DockerVersion": "1.9.1",
"Author": "",
"Config": {
"Hostname": "13709f13afe1",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": null,
"PublishService": "",
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": null,
"Cmd": [
"sh"
],
"Image": "9a163e0b8d138ec700b5a5f7e62509012f7eb34b9f86cd3bbeb3d183958114a9",
"Volumes": null,
"VolumeDriver": "",
"WorkingDir": "",
"Entrypoint": null,
"NetworkDisabled": false,
"MacAddress": "",
"OnBuild": null,
"Labels": {}
},
"Architecture": "amd64",
"Os": "linux",
"Size": 0,
"VirtualSize": 1113554,
"GraphDriver": {
"Name": "overlay",
"Data": {
"RootDir": "/var/lib/docker/overlay/fef924a0204a00b3ec67318e2ed337b189c99ea19e2bf10ed30a13b87c5e17ab/root"
}
}
}
]
Docker把Cgroup,Namespace等容器相关技术整合带入大众视野,糅合老技术适应新技术。
Docker引入联合挂载(union mount)使镜像分层;Git式的管理方式使基础镜像重用。
联合文件(overlayFS)挂载:这类文件系统会把多个目录,可能对应不同的文件系统,挂载到同一个目录,对外呈现这些目录的联合。
写时复制 copy-on-write,所有导致文件谈到的修改都会添加到新的文件层。
写时复制是Docker image之所以如此强大的重要原因。快,省空间。
[root@220 ~]# cat /proc/filesystems |grep overlay
nodev overlay
联合文件系统是实现写时复制的基础。
ubuntu使用aufs,redhat,suse使用devicemapper,另外btrfs也具有写时复制的能力。
[root@220 ~]# mkdir dockerimage
[root@220 ~]# cd dockerimage/
[root@220 dockerimage]# ls
[root@220 dockerimage]# mkdir material
[root@220 dockerimage]# echo bad > material/concrete
[root@220 dockerimage]# echo rebar > material/rebar
[root@220 dockerimage]# mkdir material2
[root@220 dockerimage]# echo good > material2/concrete
[root@220 dockerimage]# echo marble > material2/marble
[root@220 dockerimage]# mkdir merge work build
[root@220 dockerimage]# ls
build material material2 merge work
[root@220 dockerimage]# mount -t overlay overlay -o lowerdir=material:material2,upperdir=build,workdir=work merge
[root@220 dockerimage]# echo 'main structure' > merge/frame
阅读(2893) | 评论(0) | 转发(0) |